0 votes

Hello!

We are trying to clean up our AD, specifically the computer portion. We want to match up the computers w/ the users, or rather have an organized idea of which machines belong to whom, and place them in a group for easy modification as the need arises.

Essentially, we'd like to see if a computer name contains a username, and if the department of that user = IT for instance, move the computer object into the comp_IT group.

Sounds a bit confusing, but hopefully you understand, or perhaps there's a better way to execute this?

Any help would be appreciated. Thank you

by (1.7k points)

1 Answer

0 votes
by (215k points)
Best answer

Hello,

Essentially, we'd like to see if a computer name contains a username, and if the department of that user = IT for instance, move the computer object into the comp_IT group.

This can be easily achieved with the help of a PowerShell script. For example, the following script can be used to locate a computer object whose name contains the username of the user on which the script is executed. If such a computer is found, the script adds it to the group that corresponds to the user's department.

Also, you can create a Scheduled Task that will run the script on a certain periodic basis to keep in sync with changes in your AD. For information on how to create a Scheduled Task, see the following tutorial: http://www.adaxes.com/tutorials_Automat ... gement.htm. To add a script to a Scheduled Task, use the Run a program or PowerShell script action.


In the script, $departmentInfos specifies a hash table of all the departments and matching AD groups.

The script:

$departmentInfos = @{
    "Sales" = "Comp_Sales"
    "IT" = "Comp_IT"
} # TODO: modify me. Example $departmentInfos = @{"<department name>" = "<group_name>"}

function GetObjectPath($filter, $domainName)
{
    # Search the whole domain for objects matching the LDAP filter
    $searcher = $Context.BindToObject("Adaxes://$domainName/rootDSE")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500

    $searchResult = $NULL
    try
    {
        $searchResult = $searcher.ExecuteSearch()
        $objects = $searchResult.FetchAll()

        if ($objects.Count -eq 0)
        {
            return $NULL
        }

        # Only the first match is returned, even if several objects match
        return $objects[0].AdsPath
    }
    finally
    {
        # $searchResult is still null if ExecuteSearch threw, so check before disposing
        if ($searchResult) { $searchResult.Dispose() }
    }
}

# Get the user's computer path
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$computerPath = GetObjectPath "(&(objectCategory=computer)(sAMAccountName=*%username%*))" $domainName
if ($NULL -eq $computerPath)
{
    $Context.LogMessage("A user's computer could not be found", "Warning")
    return
}

# Search group matching the department
$groupName = $departmentInfos["%department%"]
if ($NULL -eq $groupName)
{
    $Context.LogMessage("No group specified for department '%department%'", "Warning")
    return
}
$groupPath = GetObjectPath "(&(objectCategory=group)(sAMAccountName=$groupName))" $domainName
if ($NULL -eq $groupPath)
{
    $Context.LogMessage("Group '$groupName' does not exist", "Warning")
    return
}

# Add the computer to group
$group = $Context.BindToObject($groupPath)
$group.Add($computerPath)
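
A dry-run check for the substring match used in the script above, as an added example that is not part of the original answer or of Adaxes. It runs over constructed sample data, flags users whose name matches more than one computer (the script takes only the first result), and escapes a value per RFC 4515 before placing it in a filter. The function names `ConvertTo-LdapFilterValue` and `Get-ComputerMatchReport` and the group `Comp_Sales (HQ)` are assumptions made for illustration.

```powershell
# Added example. All usernames, computer names and groups are constructed sample data.

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515: escape \ * ( ) and NUL before placing a value inside a filter.
    # The backslash is replaced first so the escapes added later are not escaped again.
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

function Get-ComputerMatchReport {
    param([object[]]$Users, [string[]]$ComputerNames, [hashtable]$DepartmentGroups)
    foreach ($user in $Users) {
        # Same test the wildcard filter (sAMAccountName=*username*) performs
        $hits = @($ComputerNames | Where-Object {
            $_.IndexOf($user.Username, [StringComparison]::OrdinalIgnoreCase) -ge 0
        })
        $group = $DepartmentGroups[[string]$user.Department]
        if (-not $group)           { $status = 'NoGroupForDepartment' }
        elseif ($hits.Count -eq 0) { $status = 'NoComputerFound' }
        elseif ($hits.Count -gt 1) { $status = 'Ambiguous' }  # the script would use only the first hit
        else                       { $status = 'SingleMatch' }

        $groupFilter = $null
        if ($group) {
            $groupFilter = '(&(objectCategory=group)(sAMAccountName={0}))' -f (ConvertTo-LdapFilterValue $group)
        }
        [pscustomobject]@{
            Username    = $user.Username
            Status      = $status
            Computers   = $hits -join ', '
            GroupFilter = $groupFilter
        }
    }
}

# Constructed inventory: 'ann' is a substring of 'JOANNE-PC$', so that user is ambiguous.
$departmentGroups = @{ 'IT' = 'Comp_IT'; 'Sales' = 'Comp_Sales (HQ)' }
$computers = 'ANN-LT01$', 'JOANNE-PC$', 'BOB-WS02$', 'KIOSK-7$'
$users = @(
    [pscustomobject]@{ Username = 'ann';    Department = 'IT' }
    [pscustomobject]@{ Username = 'joanne'; Department = 'Sales' }
    [pscustomobject]@{ Username = 'bob';    Department = 'Legal' }
    [pscustomobject]@{ Username = 'carol';  Department = 'IT' }
)
Get-ComputerMatchReport -Users $users -ComputerNames $computers -DepartmentGroups $departmentGroups |
    Format-Table -AutoSize
```

Rows with a status other than `SingleMatch` are the ones to resolve by hand before a scheduled run changes group membership.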
